From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Allan Jude
Cc: cem@freebsd.org, Slawa Olhovchenkov, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers, Bartłomiej Rutkowski
Subject: Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts
Date: Wed, 22 Feb 2017 14:29:01 -0500
Message-ID: <20170222192901.y4ulonfnlamqmapc@mutt-hbsd>
In-Reply-To: <457783d7-def2-3970-f180-58697a156423@freebsd.org>
On Wed, Feb 22, 2017 at 02:23:26PM -0500, Allan Jude wrote:
> On 2017-02-22 13:13, Conrad Meyer wrote:
> > On Wed, Feb 22, 2017 at 10:05 AM, Slawa Olhovchenkov wrote:
> >> On Wed, Feb 22, 2017 at 08:11:14AM -0800, Conrad Meyer wrote:
> >>
> >>> On Wed, Feb 22, 2017 at 3:23 AM, Joel Dahl wrote:
> >>>> On Wed, Feb 22, 2017 at 07:56:52AM +0000, Bartłomiej Rutkowski wrote:
> >>>>> I strongly believe we should, by default, ship as secured and hardened as
> >>>>> possible in order to improve the overall security of new users' installations.
> >>>>> Power users will and do change the OS as they please; they most likely
> >>>>> don't use bsdinstall in the first place, so they're not affected in any way.
> >>>>
> >>>> Sorry, I strongly disagree with that. I'm most likely a "power user" and I use
> >>>> bsdinstall.
> >>>
> >>> Ditto. I'm also unfamiliar enough with the installer to trip on this
> >>> kind of thing. Slawa's proposed "disable all" option would be fine.
> >>
> >> My English is not fluent enough for a more explicit proposal, but from my
> >> point of view most of these options harden in only limited cases; in
> >> other cases the same options make the system less hardened by forcing
> >> work as root. Some have non-evident effects (/tmp cleaning, for example).
> >
> > Yep. I am not concerned about disabling sendmail or remote syslog by
> > default, though.
> >
> >> For many users these options will be a source of weird issues (gdb doesn't
> >> work? fucking ugly FreeBSD! migrate to Linux).
> >
> > Yeah, I am concerned about this too. (Also: "ps doesn't work" would
> > be a big newbie sysadmin headache.)
> >
> >> This is an evil trend of enforcing weird solutions under the auspices of
> >> 'my safety': airport security checks, background checks at every point,
> >> lawful intercept, blocking access to hardware management in a secure
> >> environment by 'leak encryption'. I am smart enough for a self-sufficient
> >> security risk assessment!
> >>
> >> The industry already has some "hardened" BSDs: OpenBSD and HardenedBSD.
> >> What about market share?
> >
> > Best,
> > Conrad
> >
>
> Yeah, I think a number of these options are good, but a bunch are no go.
> I do not want something deleting my files from /tmp unexpectedly. TrueOS
> has that on by default, and it has eaten useful files a few too many times.
>
> Breaking gdb should NOT be on by default either.
>
> For some of the others, having them on by default in bsdinstall might be
> a good way to 'test' the features under a wider user load, before we
> switch the defaults for the sysctls.

FYI: HardenedBSD has had the sysctl nodes set for a while now (> 1 year).
The only "gotcha" moment we've had is with ASAN requiring the ability to
determine memory maps, which is broken by setting
security.bsd.unprivileged_proc_debug to 0.

HardenedBSD has also set security.bsd.hardlink_check_gid and
security.bsd.hardlink_check_uid both to 1.
Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
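The thread argues about which security.bsd.* sysctls bsdinstall should flip and what breaks when it does (gdb, ps, ASAN). The script below is an added example, not code from the thread, from FreeBSD or from HardenedBSD: it audits a "sysctl -a" style dump against a hardened baseline and prints, for each knob that is not at the hardened value, the side effect a user will notice once it is. The knob names are real FreeBSD sysctls; which ones count as "hardening", the baseline values, the caveat wording and the two sample dumps are this example's own assumptions (the dumps are constructed, not captured from a host).

```shell
#!/bin/sh
# Added example (not from the thread, FreeBSD or HardenedBSD): audit a
# "name: value" sysctl dump for hardening knobs and report deviations.

# knob=hardened_value pairs, one per line. Names are real FreeBSD sysctls;
# treating exactly these as the hardening set is this example's assumption.
HARDENING_KNOBS="security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
security.bsd.hardlink_check_uid=1
security.bsd.hardlink_check_gid=1"

# User-visible side effect of a knob once it is at its hardened value.
knob_caveat() {
    case "$1" in
    security.bsd.see_other_uids)
        echo "ps/top show unprivileged users only their own processes" ;;
    security.bsd.see_other_gids)
        echo "same as see_other_uids, keyed on group membership" ;;
    security.bsd.unprivileged_read_msgbuf)
        echo "dmesg needs root" ;;
    security.bsd.unprivileged_proc_debug)
        echo "unprivileged gdb/ktrace fail; ASAN cannot read its own memory map" ;;
    security.bsd.hardlink_check_uid)
        echo "users may hard-link only files they own" ;;
    security.bsd.hardlink_check_gid)
        echo "users may hard-link only files whose group they belong to" ;;
    *)  echo "no caveat recorded" ;;
    esac
}

# Print the value of knob $1 from dump text $2 ("name: value" lines),
# or nothing if the knob does not appear in the dump.
dump_value() {
    printf '%s\n' "$2" | awk -v k="$1" -F': ' '$1 == k { print $2; exit }'
}

# Audit dump text $1: one MISSING or WEAK line per deviation on stdout,
# return status = number of deviations (so it can gate a provisioning step).
audit_sysctl_dump() {
    n=0
    for pair in $HARDENING_KNOBS; do
        knob=${pair%%=*}
        want=${pair#*=}
        cur=$(dump_value "$knob" "$1")
        if [ -z "$cur" ]; then
            echo "MISSING $knob (want $want)"
            n=$((n + 1))
        elif [ "$cur" != "$want" ]; then
            echo "WEAK $knob=$cur (want $want): $(knob_caveat "$knob")"
            n=$((n + 1))
        fi
    done
    return "$n"
}

# Constructed sample dumps (not captured from any real host). The first
# mirrors stock FreeBSD defaults for these knobs; the second is a
# HardenedBSD-style host whose dump happens to lack unprivileged_proc_debug.
STOCK_DUMP='kern.ostype: FreeBSD
security.bsd.see_other_uids: 1
security.bsd.see_other_gids: 1
security.bsd.unprivileged_read_msgbuf: 1
security.bsd.unprivileged_proc_debug: 1
security.bsd.hardlink_check_uid: 0
security.bsd.hardlink_check_gid: 0'

HARDENED_DUMP='kern.ostype: FreeBSD
security.bsd.see_other_uids: 0
security.bsd.see_other_gids: 0
security.bsd.unprivileged_read_msgbuf: 0
security.bsd.hardlink_check_uid: 1
security.bsd.hardlink_check_gid: 1'

# Usage:  sh hardening_audit.sh --demo   (audit the constructed samples)
#         sh hardening_audit.sh --live   (audit this FreeBSD host)
case "${1:-}" in
--demo)
    echo "== stock-like sample =="; audit_sysctl_dump "$STOCK_DUMP"
    echo "== hardened sample ==";   audit_sysctl_dump "$HARDENED_DUMP"
    ;;
--live)
    audit_sysctl_dump "$(sysctl -a 2>/dev/null)"
    ;;
esac
```

Against the stock-like sample every knob is reported WEAK, and the unprivileged_proc_debug line carries the ASAN/gdb caveat that Allan and Shawn raise above; against the hardened sample the only finding is the MISSING knob, which is the case to watch when the audit runs on a kernel that does not expose one of the nodes. The --live mode relies on FreeBSD's "name: value" sysctl -a format; on Linux, where sysctl prints "name = value", every knob would be reported MISSING.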